Pentagon retools cybersecurity regulation for contractors

The Department of Defense released new guidance on its premier cybersecurity regulation for contractors Thursday, streamlining the process by which the Pentagon plans to help safeguard its supply chains and potentially lowering costs of compliance for companies in the defense industrial base.

Most notably, the new guidance, dubbed Cybersecurity Maturity Model Certification (CMMC) 2.0, reduces the previously planned five levels of cybersecurity standards that the DOD would require contractors in the defense industrial base to meet. That number is now down to three levels.

The number of security controls required at each level has also been reduced, down from 171 in the previous advanced level requirement to 110-plus in the new version. The levels still adhere to National Institute of Standards and Technology (NIST) cybersecurity standards, defense officials said.

The move comes after DOD officials in March began an internal review of the regulation to incorporate more than 850…

Read the full story from the Washington Business Journal.